Security requirements are identified by a methodical assessment of security risks. The risk assessment is possible when:
- the boundaries of the forestry-wood manufacturing chain are well defined
- the types of users involved are determined
- the plausible applications are defined
- the storage and retrieval of information are well understood
- the distribution of assets and resources within the system is well understood
The risk analysis shall be performed to identify the vulnerabilities/threats associated with the identification and marking of logs and other entities. The interconnection of modules/applications and information sharing between users are part of the risk assessment process. Security objectives and a security level are set together with the users, such that a control mechanism can be adapted to mitigate or eliminate each risk.
Information security relies on three basic properties, namely confidentiality, integrity and availability.
Confidentiality is defined as ensuring that information is accessible only to those authorised to have access. The users are active in different phases of the forestry-wood production and manufacturing chain and as such have different needs and process the incoming information accordingly. The information life cycle extends from the identification of a tree, through the marking of the log entering the saw mill, to the manufacturing of the final product.
Integrity is defined as safeguarding the accuracy and completeness of information and processing methods. Data integrity controls shall be implemented to protect data from accidental or malicious alteration or fault and to provide assurance to the user that the information meets expectations about its quality and that it has not been altered.